Junos

About $ 9 $ format or $ 8 $ format of the master-password documentation

2 weeks ago

The master-password documentation says $ 9 $ format or $ 8 $ format.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/master-password-configuration-enc...

 

Do you know what the specific formats are?

Junos

Re: About $ 9 $ format or $ 8 $ format of the master-password documentation

2 weeks ago

Master password uses $8$ format.

$9$ format (existing format) is used to encrypt secrets like the RADIUS password, IKE preshared keys, and other shared secrets in the Junos OS configuration.

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Junos

Re: About $ 9 $ format or $ 8 $ format of the master-password documentation

2 weeks ago

Hi

The $9 format employs an obfuscation algorithm to map strings (weak encryption). Encoding involves a header of starting noise, followed by string encoding under essentially a Vigenère cipher.

 

If you want a strong encryption for your configuration secrets, you can configure a master password. The master password is used to derive an encryption key that is used with AES256-GCM to encrypt configuration secrets. This new encryption method uses the $8$ formatted strings.

 

The $8$-encrypted passwords have the following format:

$8$crypt-algo$hash-algo$iterations$salt$iv$tag$encrypted

 

| Format | Description |
|---|---|
| crypt-algo | Encryption/decryption algorithm to be used. Currently only AES256-GCM is supported. |
| hash-algo | Hash (prf) algorithm to be used for the PBKDF2 key derivation. |
| iterations | The number of iterations to use for the PBKDF2 hash function. Current iteration-count default is 100. The iteration count slows the hashing count, thus slowing attacker guesses. |
| salt | Sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are to be used to salt (a random, but known string) the password and input to the PBKDF2 key derivation. |
| iv | A sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are to be used as initialization vector for the AES256-GCM encryption function. |
| tag | ASCII64-encoded representation of the tag. |
| encrypted | ASCII64-encoded representation of the encrypted password. |

 

Hope this helps.
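As an added illustration of the two formats described in the post above (not code from the thread or from Juniper), this sketch audits configuration text for `$9$` and `$8$` secrets and splits each `$8$` string into the seven fields listed. The sample config lines, the `$8$` field values (including the algorithm name spellings) and the `min_iterations` threshold are constructed assumptions; only the `$9$` string comes from this thread.

```python
import re

# Field order from the post: $8$crypt-algo$hash-algo$iterations$salt$iv$tag$encrypted
FIELDS_8 = ("crypt_algo", "hash_algo", "iterations", "salt", "iv", "tag", "encrypted")
# Token starting with $8$ or $9$ (assumes values contain no whitespace, quotes or ';').
SECRET_RE = re.compile(r'"?(\$[89]\$[^\s";]+)"?')

# Constructed sample input; the $8$ values are placeholders, not real ciphertext.
SAMPLE = '''\
set system radius-server 192.0.2.10 secret "$9$01X/1EyM87s2alK2aZU.mO1R"
set security ike policy p1 pre-shared-key ascii-text "$8$aes256-gcm$hmac-sha2-256$100$c2FsdA$aXZpdg$dGFn$ZW5j"
set system tacplus-server 192.0.2.11 secret "$8$aes256-gcm$hmac-sha2-256$100$c2FsdA"
'''

def parse_dollar8(secret):
    """Split a $8$ string into its seven named fields; raise ValueError if malformed."""
    if not secret.startswith("$8$"):
        raise ValueError("not a $8$ string")
    parts = secret[3:].split("$")
    if len(parts) != len(FIELDS_8) or not all(parts):
        raise ValueError("expected 7 non-empty fields, got %d" % len(parts))
    fields = dict(zip(FIELDS_8, parts))
    if not fields["iterations"].isdigit():
        raise ValueError("iterations is not a number")
    fields["iterations"] = int(fields["iterations"])
    return fields

def audit_config(text, min_iterations=100):
    """Return (line_no, kind, detail) for every $8$/$9$ secret found in config text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for secret in SECRET_RE.findall(line):
            if secret.startswith("$9$"):
                findings.append((no, "obfuscated", "$9$ obfuscation only (weak)"))
                continue
            try:
                f = parse_dollar8(secret)
            except ValueError as exc:  # truncated or hand-edited secret
                findings.append((no, "malformed", str(exc)))
                continue
            detail = "%s, PBKDF2 %s x%d" % (f["crypt_algo"], f["hash_algo"], f["iterations"])
            low = f["iterations"] < min_iterations  # threshold is the caller's policy
            findings.append((no, "encrypted-low-iterations" if low else "encrypted", detail))
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```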

Junos

Re: About $ 9 $ format or $ 8 $ format of the master-password documentation

[ Edited ]
a week ago

Hi all.

I have a similar question.

 

Is "$9$ format" a Junos term?

I googled "$9$ format", but I cannot find a general meaning.

In $9$ or $8$, what do the numbers mean?

 

Regards,

Junos

Re: About $ 9 $ format or $ 8 $ format of the master-password documentation

a week ago

Hi

The '$9' or '$8' represents the starting string in the encrypted password (which is shown in the configuration) and indicates the type of encryption used.

eg:

"$9$01X/1EyM87s2alK2aZU.mO1R"

The $9 format in Juniper is similar to the type 7 in Cisco.

 

 

Regards

 

Junos

Re: About $ 9 $ format or $ 8 $ format of the master-password documentation

a week ago

Hi, Is there a table for $ 9 format?

Junos

Re: About $ 9 $ format or $ 8 $ format of the master-password documentation

Friday

Hi 

$9 does not have a structured format, unlike $8. It is encrypted by shifting the letters like a Vigenère cipher.

https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher